From: Keir Fraser <keir@xensource.com>
To: "George S. Coker, II" <gscoker@alpha.ncsc.mil>,
Keir Fraser <keir@xensource.com>
Cc: xen-devel@lists.xensource.com, xense-devel@lists.xensource.com
Subject: Re: [Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch
Date: Fri, 09 Mar 2007 09:43:28 +0000 [thread overview]
Message-ID: <C216DCC0.B1E2%keir@xensource.com> (raw)
In-Reply-To: <1173383888.11144.119.camel@moss-walleye.epoch.ncsc.mil>
On 8/3/07 19:58, "George S. Coker, II" <gscoker@alpha.ncsc.mil> wrote:
> purpose of the security field is not only to facilitate information
> flows to resources, virtual or physical, in the hypervisor, but also to
> facilitate guests in the ability to identify channels based on these
> security properties and support information flows mediated by these
> guests. This is really an important property for creating secure
> channels between domains as well as other resources (virtual or
> physical) resources.
E.g., the information flow from timer events to a guest? I can't envisage
what kinds of policies you might have in mind. I'm probably missing some
bigger picture.
> To achieve a very light-weight
> domain, one would like to remove as much functionality from that domain
> as possible, to include the interrupt handler. Instead, there would
> exist a light-weight domain interrupt handler domain that is responsible
> for this functionality. These interrupts would manifest as interdomain
> channels; however, the ipi mechanism remains unless a hook exists to
> block this code path. Likewise, the light-weight domains wouldn't be
> able to close their channels arbitrarily, and require a check on close
> as well.
I think this sounds like a microkernel-style 'interrupt server'? Why would
you want that? And if you did have it, why would you care about the clients
of this server closing their ends of interdomain event channels?
-- Keir
next prev parent reply other threads:[~2007-03-09 9:43 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-08 15:28 [Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch George S. Coker, II
2007-03-08 15:59 ` Alex Williamson
2007-03-08 16:16 ` George S. Coker, II
2007-03-08 16:43 ` Alex Williamson
2007-03-08 16:21 ` Keir Fraser
2007-03-08 18:08 ` George S. Coker, II
2007-03-08 19:06 ` Keir Fraser
2007-03-08 19:58 ` George S. Coker, II
2007-03-09 9:43 ` Keir Fraser [this message]
2007-03-09 16:55 ` George S. Coker, II
2007-03-09 17:51 ` Stefan Berger
2007-03-09 20:04 ` George S. Coker, II
2007-03-09 22:01 ` Stefan Berger
2007-03-09 22:07 ` George S. Coker, II
2007-03-09 22:09 ` Keir Fraser
2007-03-08 19:08 ` George S. Coker, II
-- strict thread matches above, loose matches on Subject: below --
2007-03-13 19:33 George S. Coker, II
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=C216DCC0.B1E2%keir@xensource.com \
--to=keir@xensource.com \
--cc=gscoker@alpha.ncsc.mil \
--cc=xen-devel@lists.xensource.com \
--cc=xense-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.